WO2017000861A1 - Method and apparatus for learning mac address in virtual local area network of switch - Google Patents


Publication number
WO2017000861A1
Authority
WO
WIPO (PCT)
Prior art keywords
local area
virtual local
area network
mac address
mac addresses
Application number
PCT/CN2016/087311
Other languages
French (fr)
Chinese (zh)
Inventor
田湘君
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Priority to EP16817225.2A (patent EP3319276A4)
Publication of WO2017000861A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses

Definitions

  • This document relates to, but is not limited to, the field of communication technologies, and in particular, to a method and device for learning a MAC address in a virtual local area network of a switch.
  • The MAC (Media Access Control) protocol is located in the data link layer of the Open System Interconnection (OSI) seven-layer protocol. It is mainly responsible for controlling and connecting the physical media of the physical layer.
  • The physical layer of each transmission medium has a corresponding MAC layer, and currently widely used networks adopt the IEEE 802.3 MAC layer standard.
  • The key to the MAC protocol is the MAC address (i.e., the physical address), and MAC addresses are a limited resource in each network device.
  • A network device is divided into virtual local area networks (VLANs) to ensure that communications between different VLANs do not interfere with each other. Broadcast and unicast traffic inside a VLAN is not forwarded to other VLANs, which helps control traffic, reduce equipment investment, simplify network management, and improve network security. If a MAC address flood attack occurs in a certain VLAN and that VLAN occupies all the MAC address resources of the network device, not only communication in that VLAN but also the normal operation of the other VLANs will be affected.
  • A commonly used network device is a rack switch. A rack switch is a slot-type switch, widely used in communication networks because of its good scalability.
  • FIG. 1 is a schematic structural diagram of a rack switch in the related art. As shown in FIG. 1, a rack switch is composed of a plurality of line card processors and a main control processor, and hardware (i.e., programmable logic devices) cannot implement a uniform limit on the physical addresses of a virtual LAN across the entire rack switch. The number of MAC addresses in a virtual LAN of the rack switch therefore cannot be accurately controlled, which affects the normal operation of other VLANs.
  • the embodiment of the invention provides a method and a device for learning a MAC address in a virtual local area network of a switch, so as to at least solve the problem that the MAC address of the switch virtual local area network cannot be controlled in the related art.
  • The embodiment of the invention provides a method for learning a MAC address in a virtual local area network of a switch, which includes: determining whether the number of learned MAC addresses in the virtual local area network reaches a restriction condition, wherein the restriction condition includes one of the following: a preset threshold, a preset dynamic watermark value; and, if it is determined that the number of learned MAC addresses in the virtual local area network reaches the restriction condition, stopping learning the MAC addresses received after the restriction condition is reached, and processing the packets of the MAC addresses received after the restriction condition is reached according to a preset manner, where the preset manner includes one of the following: forwarding, and discarding.
  • Determining whether the number of learned MAC addresses in the virtual local area network reaches the restriction condition includes: counting the sum of the MAC addresses learned in all the virtual local area networks of the switch to obtain a first total MAC address; and determining whether the first total MAC address reaches a first preset dynamic watermark value, wherein the first preset dynamic watermark value is the product of a second total MAC address and a first preset dynamic waterline percentage, and the second total MAC address is the sum of the MAC addresses in all the virtual local area networks, wherein, in the case that it is determined that the first total MAC address reaches the first preset dynamic watermark value, it is determined that the number of learned MAC addresses in the virtual local area network reaches the restriction condition.
  • Determining whether the number of learned MAC addresses in the virtual local area network reaches the restriction condition further includes: if it is determined that the first total MAC address does not reach the first preset dynamic watermark value, determining whether the first total MAC address reaches a second preset dynamic watermark value, wherein the second preset dynamic watermark value is the product of the second total MAC address and a second preset dynamic waterline percentage, and the second preset dynamic watermark value is smaller than the first preset dynamic watermark value, wherein, in the case that it is determined that the first total MAC address reaches the second preset dynamic watermark value, it is determined that the number of learned MAC addresses in the virtual local area network reaches the restriction condition.
  • The method further includes: acquiring the number of MAC addresses in each of the virtual local area networks; determining whether the number of MAC addresses in a first target virtual local area network among all the virtual local area networks is greater than or equal to the first preset dynamic watermark value; and, if it is determined that the number of MAC addresses in the first target virtual local area network is greater than or equal to the first preset dynamic watermark value, setting the limit value of the number of MAC addresses in the first target virtual local area network to the number of MAC addresses learned in the first target virtual local area network.
  • the second preset dynamic watermark value is a product of the second total MAC address and a second preset dynamic waterline percentage
  • a dynamic watermark value if it is determined that the number of MAC addresses in the first target virtual local area network is smaller than the average value of the MAC address, setting a limit value of the number of MAC addresses in the first target virtual local area network is the MAC address average value.
  • The method further includes: acquiring the number of MAC addresses in each of the virtual local area networks; determining whether the number of MAC addresses in a second target virtual local area network among all the virtual local area networks is greater than or equal to a MAC address average value, wherein the MAC address average value is the quotient of the second total MAC address and the number of all the virtual local area networks; if it is determined that the number of MAC addresses in the second target virtual local area network is greater than or equal to the MAC address average value, setting the limit value of the number of MAC addresses in the second target virtual local area network to the first preset dynamic watermark value; and, if it is determined that the number of MAC addresses in the second target virtual local area network is smaller than the MAC address average value, setting a limit value of the number of the number of
  • The method further includes: determining the priority range in which the second target virtual local area network is located, wherein the priority range is used to indicate whether to continue learning MAC addresses in the second target virtual local area network.
  • The embodiment of the invention provides a device for learning a MAC address in a virtual local area network of a switch, comprising: a first determining module, configured to determine whether the number of learned MAC addresses in the virtual local area network reaches a limiting condition, wherein the limiting condition includes one of the following: a preset threshold, a preset dynamic watermark value; and a processing module, configured to, if it is determined that the number of MAC addresses learned in the virtual local area network reaches the limiting condition, stop learning the MAC addresses received after the limiting condition is reached, and process the packets of the MAC addresses received after the limiting condition is reached according to a preset manner, where the preset manner includes one of the following: forwarding and discarding.
  • The first determining module includes: a statistical unit, configured to count the sum of the learned MAC addresses in all the virtual local area networks of the switch and obtain the first total MAC address; and a first determining unit, configured to determine whether the first total MAC address reaches a first preset dynamic watermark value, wherein the first preset dynamic watermark value is the product of a second total MAC address and a first preset dynamic waterline percentage, and the second total MAC address is the sum of the MAC addresses in all the virtual local area networks, wherein, in the case that it is determined that the first total MAC address reaches the first preset dynamic watermark value, it is determined that the number of learned MAC addresses in the virtual local area network reaches the limiting condition.
  • The first determining module further includes: a second determining unit, configured to determine, when it is determined that the first total MAC address does not reach the first preset dynamic watermark value, whether the first total MAC address reaches a second preset dynamic watermark value, wherein the second preset dynamic watermark value is the product of the second total MAC address and a second preset dynamic waterline percentage, and the second preset dynamic watermark value is smaller than the first preset dynamic watermark value, wherein, when it is determined that the first total MAC address reaches the second preset dynamic watermark value, it is determined that the number of MAC addresses learned in the virtual local area network reaches the limiting condition.
  • The device further includes: a first acquiring module, configured to acquire, in the case that the first total MAC address reaches the first preset dynamic watermark value, the number of MAC addresses in each of the virtual local area networks; a second determining module, configured to determine whether the number of MAC addresses in the first target virtual local area network among all the virtual local area networks is greater than or equal to the first preset dynamic watermark value; a first setting module, configured to, in the case that it is determined that the number of MAC addresses in the first target virtual local area network is greater than or equal to the first preset dynamic watermark value, set the limit value of the number of MAC addresses in the first target virtual local area network to the number of learned MAC addresses in the first target virtual local area network, and delete the MAC addresses learned in the first target virtual local area network but not used within the preset time period; a third determining module, configured to determine, in all the virtual local area networks, that the number of MAC addresses in the first target virtual local area network is smaller than the
  • A second setting module, configured to, when it is determined that the number of MAC addresses in the first target virtual local area network is greater than or equal to the MAC address average value, set the limit value of the number of MAC addresses in the first target virtual local area network to the second preset dynamic watermark value, and delete the MAC addresses learned in the first target virtual local area network but not used within a preset time period, where the second preset dynamic watermark value is the product of the second total MAC address and a second preset dynamic waterline percentage, and the second preset dynamic watermark value is smaller than the first preset dynamic watermark value; and a third setting module, configured to, in the case that it is determined that the number of MAC addresses in the first target virtual local area network is smaller than the MAC address average value, set the limit value of the number of MAC addresses in the first target virtual local area network to the MAC address average value.
  • The device further includes: a second obtaining module, configured to acquire, in the case that the first total MAC address reaches the second preset dynamic watermark value, the number of MAC addresses in each of the virtual local area networks; a fourth determining module, configured to determine whether the number of MAC addresses in the second target virtual local area network among all the virtual local area networks is greater than or equal to the MAC address average value, wherein the MAC address average value is the quotient of the second total MAC address and the number of all the virtual local area networks; and a fourth setting module, configured to, if it is determined that the number of MAC addresses in the second target virtual local area network is greater than or equal to the MAC address average value, set the limit value of the number of MAC addresses in the second target virtual local area network to the first preset dynamic watermark value.
  • A fifth setting module, configured to, when it is determined that the number of MAC addresses in the second target virtual local area network among all the virtual local area networks is less than the MAC address average value, set the limit value of the number of MAC addresses in the second target virtual local area network to the second total MAC address.
  • The device further includes: a determining module, configured to determine, after the limit value of the number of MAC addresses in the second target virtual local area network is set to the first preset dynamic watermark value, the priority range of the second target virtual local area network, wherein the priority range is used to indicate whether to continue learning MAC addresses in the second target virtual local area network.
  • the embodiment of the invention further provides a computer readable storage medium storing computer executable instructions, which are implemented when executed by a processor.
  • the restriction condition is one of the following: a preset threshold and a preset dynamic watermark value; and if it is determined that the number of MAC addresses learned in the virtual local area network reaches the restriction condition, learning of the MAC addresses received after the restriction condition is reached is stopped, and the MAC addresses received after the restriction condition is reached are processed according to a preset manner, where the preset manner includes one of the following: forwarding or discarding. This solves the problem that the related technology cannot control MAC address learning in a virtual local area network of the switch, thereby achieving the effect of improving the stability of the virtual local area network.
  • FIG. 1 is a schematic structural diagram of a rack switch in the related art
  • FIG. 2 is a flowchart of a method for learning a MAC address in a virtual local area network of a switch according to an embodiment of the present invention
  • FIG. 3 is a structural block diagram of a device for learning a MAC address in a virtual local area network of a switch according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram of MAC restriction priority classification according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a MAC restriction dynamic waterline in a virtual local area network according to an embodiment of the present invention
  • FIG. 6 is a schematic diagram of communication of a rack switch according to an embodiment of the present invention.
  • FIG. 7 is a flowchart (corresponding to a user setting manner) of a method for learning a MAC address in a virtual local area network of a switch according to a preferred embodiment of the present invention
  • FIG. 8 is a flowchart (corresponding to a dynamic limit setting manner) of a method for learning a MAC address in a virtual local area network of a switch according to a preferred embodiment of the present invention.
  • FIG. 2 is a flowchart of a method for learning a MAC address in a virtual local area network of a switch according to an embodiment of the present invention. As shown in FIG. 2, the process includes the following steps:
  • Step S202: Determine whether the number of learned MAC addresses in the virtual local area network reaches a restriction condition, where the restriction condition includes one of the following: a preset threshold, and a preset dynamic watermark value.
  • Step S204: If it is determined that the number of MAC addresses learned in the virtual local area network reaches the restriction condition, stop learning the MAC addresses received after the restriction condition is reached, and process, according to a preset manner, the MAC addresses received after the restriction condition is reached.
  • the constraint is a preset threshold; if the size of the virtual local area network is unknown, the constraint is a preset dynamic watermark value.
  • The preset dynamic watermark value includes a first preset dynamic watermark value, wherein determining whether the number of learned MAC addresses in the virtual local area network reaches the restriction condition includes: counting the sum of the learned MAC addresses in all the virtual local area networks of the switch to obtain the first total MAC address; and determining whether the first total MAC address reaches the first preset dynamic watermark value, wherein the first preset dynamic watermark value is the product of the second total MAC address and the first preset dynamic waterline percentage, and the second total MAC address is the sum of the MAC addresses in all the virtual local area networks, wherein the first total MAC address is determined to reach the first preset.
  • the first preset dynamic waterline percentage can be set according to requirements, for example: 70%.
  • The preset dynamic watermark value further includes a second preset dynamic watermark value, wherein determining whether the number of learned MAC addresses in the virtual local area network reaches the restriction condition further includes: if it is determined that the first total MAC address does not reach the first preset dynamic watermark value, determining whether the first total MAC address reaches the second preset dynamic watermark value, wherein the second preset dynamic watermark value is the product of the second total MAC address and the second preset dynamic waterline percentage, and the second preset dynamic watermark value is smaller than the first preset dynamic watermark value, wherein, in the case that it is determined that the first total MAC address reaches the second preset dynamic watermark value, it is determined that the number of MAC addresses learned in the virtual local area network reaches the restriction condition.
  • the second dynamic waterline percentage can also be set according to demand, but less than the first dynamic waterline percentage, for example: 50%.
  • When it is determined that the first total MAC address reaches the first preset dynamic watermark value, the method further includes the following steps:
  • Step S1: Obtain the number of MAC addresses in each virtual local area network among all the virtual local area networks.
  • Step S2: Determine whether the number of MAC addresses in the first target virtual local area network among all the virtual local area networks is greater than or equal to the first preset dynamic watermark value.
  • Step S3: If it is determined that the number of MAC addresses in the first target virtual local area network is greater than or equal to the first preset dynamic watermark value, set the limit value of the number of MAC addresses in the first target virtual local area network to the number of MAC addresses learned in the first target virtual local area network, and delete the MAC addresses learned in the first target virtual local area network but not used within the preset time period. That is, after the limit value of the number of MAC addresses in the first target virtual local area network is set, the aging of the learned MAC addresses in the first target virtual local area network is also accelerated, so that users who have occupied resources for a long time without using them go offline, and the MAC addresses with which malicious attacks occupy resources age out faster.
  • Step S4: If it is determined that the number of MAC addresses in the first target virtual local area network is smaller than the first preset dynamic watermark value, determine whether the number of MAC addresses in the first target virtual local area network is greater than or equal to the MAC address average value.
  • The MAC address average value is the quotient of the second total MAC address and the number of all virtual local area networks.
  • Step S5: If it is determined that the number of MAC addresses in the first target virtual local area network is greater than or equal to the MAC address average value, set the limit value of the number of MAC addresses in the first target virtual local area network to the second preset dynamic watermark value, and delete the MAC addresses learned in the first target virtual local area network but not used within the preset time period, wherein the second preset dynamic watermark value is the product of the second total MAC address and the second preset dynamic waterline percentage, and the second preset dynamic watermark value is less than the first preset dynamic watermark value.
  • Step S6: If it is determined that the number of MAC addresses in the first target virtual local area network is smaller than the MAC address average value, set the limit value of the number of MAC addresses in the first target virtual local area network to the MAC address average value.
  • By performing the foregoing steps S1 to S6, the limit value of the number of MAC addresses is set for each virtual local area network among all the virtual local area networks; that is, each of the virtual local area networks is taken in turn as the first target virtual local area network and steps S1 to S6 are performed on it.
  • When it is determined that the first total MAC address reaches the second preset dynamic watermark value, the method further includes the following steps:
  • Step S7: Obtain the number of MAC addresses in each virtual local area network among all the virtual local area networks.
  • Step S8: Determine whether the number of MAC addresses in the second target virtual local area network among all the virtual local area networks is greater than or equal to the MAC address average value, where the MAC address average value is the quotient of the second total MAC address and the number of all virtual local area networks.
  • Step S9: If it is determined that the number of MAC addresses in the second target virtual local area network is greater than or equal to the MAC address average value, set the limit value of the number of MAC addresses in the second target virtual local area network to the first preset dynamic watermark value.
  • Step S10: If it is determined that the number of MAC addresses in the second target virtual local area network is smaller than the MAC address average value, set the limit value of the number of MAC addresses in the second target virtual local area network to the second total MAC address.
  • By performing the foregoing steps S7 to S10, the limit value of the number of MAC addresses is set for each virtual local area network among all the virtual local area networks; that is, each of the virtual local area networks is taken in turn as the second target virtual local area network and steps S7 to S10 are performed on it.
  • The method further includes: determining the priority range in which the second target virtual local area network is located, wherein the priority range is used to indicate whether to continue learning MAC addresses in the second target virtual local area network. That is, if the second target virtual local area network is in a higher priority range, it can continue to learn MAC addresses, and if it is in a lower priority range, it stops learning MAC addresses.
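The limit-setting procedure of steps S1 to S6 and S7 to S10, together with the stop-learning rule of step S204, modelled in Python as an added example (not code from the patent or the applicant). It assumes the "second total MAC address" is the switch-wide MAC table capacity, uses the 70% and 50% example percentages, recomputes the limits on every frame, and only flags accelerated aging instead of running timers; all function and variable names are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

FORWARD, DISCARD = "forward", "discard"  # the two preset manners in the text


@dataclass(frozen=True)
class VlanLimit:
    limit: int              # maximum MAC addresses this VLAN may hold
    accelerate_aging: bool  # also delete entries unused in the preset period


def compute_limits(learned: Dict[int, int], capacity: int,
                   pct1: int = 70, pct2: int = 50
                   ) -> Optional[Dict[int, VlanLimit]]:
    """Per-VLAN limits, or None while the total is below both watermarks.

    learned:  VLAN id -> MAC addresses currently learned in that VLAN
    capacity: the "second total MAC address" (ASSUMED: MAC table capacity)
    """
    if not learned or not 0 < pct2 < pct1 <= 100:
        raise ValueError("need a VLAN and 0 < pct2 < pct1 <= 100")
    total = sum(learned.values())       # "first total MAC address"
    water1 = capacity * pct1 // 100     # first preset dynamic watermark value
    water2 = capacity * pct2 // 100     # second preset dynamic watermark value
    average = capacity // len(learned)  # MAC address average value

    limits: Dict[int, VlanLimit] = {}
    if total >= water1:                 # steps S1 to S6
        for vlan, count in learned.items():
            if count >= water1:         # S3: freeze at the current size
                limits[vlan] = VlanLimit(count, True)
            elif count >= average:      # S5
                limits[vlan] = VlanLimit(water2, True)
            else:                       # S6
                limits[vlan] = VlanLimit(average, False)
    elif total >= water2:               # steps S7 to S10
        for vlan, count in learned.items():
            if count >= average:        # S9
                limits[vlan] = VlanLimit(water1, False)
            else:                       # S10
                limits[vlan] = VlanLimit(capacity, False)
    else:
        return None                     # no restriction condition reached
    return limits


def handle_source_mac(table: Dict[int, Set[str]], vlan: int, mac: str,
                      limits: Optional[Dict[int, VlanLimit]], capacity: int,
                      action: str = DISCARD) -> str:
    """Step S204: learn the source MAC, or stop learning and apply `action`."""
    entries = table.setdefault(vlan, set())
    if mac in entries:
        return "known"
    table_full = sum(len(m) for m in table.values()) >= capacity
    lim = limits.get(vlan) if limits else None
    if table_full or (lim is not None and len(entries) >= lim.limit):
        return action                   # frame is forwarded or discarded
    entries.add(mac)
    return "learned"


def simulate_flood(enforce: bool = True, capacity: int = 1000,
                   frames: int = 2000) -> Tuple[Dict[int, int], int, str]:
    """Constructed scenario: VLAN 10 receives `frames` distinct source MACs
    while VLANs 20 and 30 hold ordinary hosts; then one new host joins VLAN 20.
    """
    table = {10: set(),
             20: {f"host20-{i}" for i in range(50)},
             30: {f"host30-{i}" for i in range(40)}}

    def current_limits():
        if not enforce:
            return None
        return compute_limits({v: len(m) for v, m in table.items()}, capacity)

    dropped = 0
    for i in range(frames):
        mac = "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xFF,
                                           (i >> 8) & 0xFF, i & 0xFF)
        if handle_source_mac(table, 10, mac, current_limits(),
                             capacity) == DISCARD:
            dropped += 1
    late = handle_source_mac(table, 20, "host20-new", current_limits(), capacity)
    return {v: len(m) for v, m in table.items()}, dropped, late


if __name__ == "__main__":
    print("with dynamic watermarks:", simulate_flood(True))
    print("without any limit:      ", simulate_flood(False))
```

With the watermarks enforced, the flooded VLAN is capped once the table reaches the first watermark and the late host in VLAN 20 is still learned; without them the flooded VLAN fills the table and the late host is not learned.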
  • a device for learning a MAC address in a virtual local area network of a switch is also provided.
  • the device is used to implement the foregoing embodiments and preferred embodiments, and details are not described herein.
  • The term "module" may implement a combination of software and/or hardware of a predetermined function.
  • Although the apparatus described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
  • FIG. 3 is a structural block diagram of a device for learning a MAC address in a virtual local area network of a switch according to an embodiment of the present invention. As shown in FIG. 3, the device includes:
  • the first determining module 32 is configured to determine whether the number of learned MAC addresses in the virtual local area network reaches a limiting condition, where the limiting condition includes one of the following: a preset threshold, and a preset dynamic watermark value.
  • The processing module 34 is configured to, after it is determined that the number of MAC addresses learned in the virtual local area network reaches the limiting condition, stop learning the MAC addresses received after the limiting condition is reached, and process, according to the preset manner, the packets of the MAC addresses received after the limiting condition is reached.
  • The number of MAC addresses learned in the virtual local area network in different situations is compared with the limiting condition corresponding to the virtual local area network, and when the number of learned MAC addresses in the virtual local area network reaches the corresponding limiting condition, the learning of MAC addresses in the virtual local area network is stopped, and the packets received after the limiting condition is exceeded are discarded or forwarded.
  • the problem of the MAC address achieves the effect of improving the stability of the virtual local area network.
  • the constraint is a preset threshold; if the size of the virtual local area network is unknown, the constraint is a preset dynamic watermark value.
  • The preset dynamic watermark value includes a first preset dynamic watermark value, and the first determining module 32 includes a statistical unit and a first determining unit, wherein:
  • The statistical unit is configured to count the sum of the learned MAC addresses in all virtual local area networks of the switch to obtain the first total MAC address.
  • The first determining unit is configured to determine whether the first total MAC address reaches the first preset dynamic watermark value, wherein the first preset dynamic watermark value is the product of the second total MAC address and the first preset dynamic waterline percentage, and the second total MAC address is the sum of the MAC addresses in all the virtual local area networks, wherein, in the case that it is determined that the first total MAC address reaches the first preset dynamic watermark value, it is determined that the number of learned MAC addresses in the virtual local area network reaches the limiting condition.
  • the first preset dynamic waterline percentage can be set according to requirements, for example: 70%.
  • The preset dynamic watermark value further includes a second preset dynamic watermark value, and the first determining module 32 further includes a second determining unit, wherein:
  • The second determining unit is configured to determine whether the first total MAC address reaches the second preset dynamic watermark value if the first total MAC address does not reach the first preset dynamic watermark value, wherein the second preset dynamic watermark value is the product of the second total MAC address and the second preset dynamic waterline percentage, and the second preset dynamic watermark value is smaller than the first preset dynamic watermark value, wherein the first total is determined
  • the second dynamic waterline percentage can also be set according to demand, but less than the first dynamic waterline percentage, for example: 50%.
  • the device further includes a first obtaining module, a second determining module, a first setting module, a third determining module, a second setting module, and a third setting module, where:
  • the first obtaining module is configured to acquire the number of MAC addresses in each virtual local area network in all virtual local area networks when it is determined that the first total MAC address reaches the first preset dynamic watermark value.
  • the second determining module is configured to determine whether the number of MAC addresses in the first target virtual local area network in all the virtual local area networks is greater than or equal to the first preset dynamic water line value.
  • the first setting module is configured to, when it is determined that the number of MAC addresses in the first target virtual local area network among all the virtual local area networks is greater than or equal to the first preset dynamic watermark value, set the limit value of the number of MAC addresses in the first target virtual local area network to the number of MAC addresses learned in the first target virtual local area network, and delete the MAC addresses learned in the first target virtual local area network but not used within the preset time period. That is, after the limit on the number of MAC addresses in the first target virtual local area network is set, the aging of learned MAC addresses in the first target virtual local area network is also accelerated, so that users who have occupied resources for a long time without using them go offline, and MAC addresses whose resources are occupied by malicious attacks are aged out faster.
  • the third determining module is configured to, if it is determined that the number of MAC addresses in the first target virtual local area network among all the virtual local area networks is less than the first preset dynamic watermark value, determine whether the number of MAC addresses in the first target virtual local area network is greater than or equal to the MAC address average, where the MAC address average is the quotient of the second total MAC address and the number of all virtual local area networks.
  • the second setting module is configured to, when it is determined that the number of MAC addresses in the first target virtual local area network is greater than or equal to the MAC address average, set the limit value of the number of MAC addresses in the first target virtual local area network to a second preset dynamic watermark value, and delete the MAC addresses learned in the first target virtual local area network but not used within the preset time period, wherein the second preset dynamic watermark value is the product of the second total MAC address and the second preset dynamic waterline percentage, and the second preset dynamic watermark value is smaller than the first preset dynamic watermark value.
  • the third setting module is configured to set a limit value of the number of MAC addresses in the first target virtual local area network to a MAC address average value when it is determined that the number of MAC addresses in the first target virtual local area network is smaller than the average value of the MAC address.
  • each virtual local area network among all the virtual local area networks has the limit value of its number of MAC addresses set by invoking the first obtaining module, the second determining module, the first setting module, the third determining module, the second setting module, and the third setting module; that is, each virtual local area network among all the virtual local area networks is taken in turn as the first target virtual local area network for which these modules are invoked.
  • the device further includes a second obtaining module, a fourth determining module, a fourth setting module, and a fifth setting module, where:
  • the second obtaining module is configured to obtain the number of MAC addresses in each virtual local area network in all virtual local area networks when it is determined that the first total MAC address reaches the second preset dynamic watermark value.
  • the fourth determining module is configured to determine whether the number of MAC addresses in the second target virtual local area network in all the virtual local area networks is greater than or equal to the average value of the MAC addresses, and the average value of the MAC addresses is the quotient of the second total MAC address and the number of all virtual local area networks.
  • the fourth setting module is configured to set the limit value of the number of MAC addresses in the second target virtual local area network to the first preset dynamic watermark value when it is determined that the number of MAC addresses in the second target virtual local area network among all the virtual local area networks is greater than or equal to the MAC address average.
  • the fifth setting module is configured to set the limit value of the number of MAC addresses in the second target virtual local area network to the second total MAC address when it is determined that the number of MAC addresses in the second target virtual local area network among all the virtual local area networks is less than the MAC address average.
  • each virtual local area network among all the virtual local area networks has the limit value of its number of MAC addresses set by invoking the second obtaining module, the fourth determining module, the fourth setting module, and the fifth setting module; that is, each virtual local area network among all the virtual local area networks is taken in turn as the second target virtual local area network for which these modules are invoked.
  • the apparatus further includes a determining module, wherein the determining module is configured to determine, after the limit value of the number of MAC addresses in the second target virtual local area network is set to the first preset dynamic watermark value, the priority range in which the second target virtual local area network is located, wherein the priority range is used to indicate whether to continue learning MAC addresses in the second target virtual local area network.
  • the learning method of the MAC address in the virtual LAN of the switch may also be referred to as a user configuration mode; if the size of the virtual local area network is unknown, the learning method of the MAC address in the virtual local area network of the switch may also be referred to as a dynamic limiting mode. That is, the method for learning the MAC address in the virtual LAN of the switch provided by the present application has two implementations depending on the user scale: if the scale is known, the user configuration mode is adopted; if the scale is unknown, the switch provides a dynamic limiting mode.
  • the MAC resources are controlled in the following three ways: specifically, the aging process is sped up so that users who have occupied resources for a long time without using them go offline, and MAC addresses whose resources are occupied by malicious attacks are aged out faster.
  • the virtual local area network X is taken as an example, and the specific description is as follows:
  • Configuration 1: set the threshold of the number of MAC addresses in the virtual LAN X of the rack switch in the user configuration mode to LIMITx.
  • Configuration 4: user-configured dynamic waterline percentages.
  • the first dynamic waterline percentage is a%
  • the second dynamic waterline percentage is b%. It should be noted that the number of dynamic water lines is set to two here, but is not limited to two.
  • FIG. 4 is a schematic diagram of MAC priority prioritization according to an embodiment of the present invention. For specific priority classification settings, see FIG. 4.
  • the user configuration mode is configured by using configuration 1 and configuration 2; the dynamic restriction mode is configured by using configuration 3, configuration 4, configuration 5, and configuration 2.
  • FIG. 5 is a schematic diagram of a MAC restricted dynamic watermark in a virtual local area network according to an embodiment of the present invention.
  • the dynamic limit mode compares the number of MAC addresses of all VLANs of a network device (for example, a switch) with several dynamic water lines configured by the user. After different dynamic water lines are reached, different MAC address limit values are set for different VLANs, which ensures that there are available MAC resources in each VLAN and allocates more MAC resources to VLANs that require more, so that the allocation of MAC resources is more reasonable.
  • FIG. 6 is a schematic diagram of communication of a rack switch according to an embodiment of the present invention. The working process of the main control terminal and the line card terminal in the rack switch is described in Figure 6 for the user configuration mode.
  • Line card message 1: stop learning physical addresses in virtual LAN X, and notify all line cards to discard (if configuration 2 is drop) or directly forward (if configuration 2 is forward) the packets that exceed the threshold, according to configuration 2, and to delete the MAC addresses that exceed the threshold but have already been reported to the master.
  • When the number of MAC addresses in the virtual local area network X is less than the threshold, the master is responsible for notifying all line cards of message 2: re-enable physical address learning in the virtual local area network X and do not discard packets.
  • After receiving packets with different source MAC addresses, the hardware of every line card reports the MAC address information to the line card CPU, and the line card CPU sends a message to the CPU of the master. After receiving message 1 from the master, all line cards set the programmable logic device so that the hardware no longer reports MAC addresses beyond the threshold, handle packets beyond the threshold according to configuration 2 (discard or forward directly), and delete the MAC addresses beyond the threshold that the master has notified them to delete.
  • After receiving message 2 from the master, all line cards use the programmable logic device to make the hardware re-enable MAC learning in the virtual local area network.
  • the programmable logic device should have the following functions: 1. discard packets subject to the source MAC address limit; 2. set a VLAN-based source MAC address limit threshold.
  • the working process of the master and line cards in the rack switch is as follows: after the function of dynamically limiting the number of MACs in all VLANs is enabled, the master needs to monitor the current status in real time. When the total number of learned MACs reaches the different watermarks, the master applies policies that set different MAC limit values for different VLANs and notifies the line cards to set the hardware. Accelerated aging is applied in the VLANs that occupy more MAC resources, so that MACs that have not been used for a long time are aged out quickly and the MAC resources are released. According to the different priorities configured in configuration 5, MAC learning is kept for some priorities and turned off for some lower priorities. After the total falls below a given water line, the limiting mode that applies below that water line is restored; when the total is below the lowest water line, MAC learning is no longer restricted, and the line cards are notified to set the hardware.
  • the dynamic limit mode is described as follows: after the dynamic limit on the number of MAC addresses in all VLANs is enabled, the switch CPU needs to monitor in real time the total number of MACs learned by all VLANs. When the total number of learned MACs reaches the different watermarks, policies are applied that set different MAC limit values for different VLANs. Accelerated aging is applied in the VLANs that occupy more MAC resources, so that MACs that have not been used for a long time are aged out quickly and the MAC resources are released. According to the different priorities configured in configuration 5, MAC learning is kept for some priorities and turned off for some lower priorities. After the total falls below a given water line, the limiting mode that applies below that water line is restored; when the total is below the lowest water line, MAC learning is no longer restricted.
  • FIG. 7 is a flowchart of a method for learning a MAC address in a virtual local area network of a switch according to a preferred embodiment of the present invention.
  • the preferred embodiment corresponds to a user setting manner in the foregoing content. As shown in FIG. 7, the process includes:
  • Step S704: the chip of each line card reports the learned MAC to the CPU (central processing unit) of that line card.
  • Step S706: the CPU of each line card reports the learned MAC address information (including the MAC address + VLAN + port number) to the master of the rack switch through inter-board communication.
  • Step S708: the master of the rack switch adds the received MAC message to the software-managed MAC address table, which records all learned MAC address information (including MAC address + VLAN + port number).
  • Step S710: determine whether the number of MAC addresses (i.e., y) in the virtual local area network X, as monitored by the management software of the master of the rack switch, reaches LIMITx. If LIMITx is reached, go to step S712; if LIMITx is not reached, continue monitoring and return to step S710.
  • Step S712: notify all line cards of the rack switch to disable MAC address learning in the VLAN.
  • Step S714: determine whether the restriction policy of the current configuration 2 is forward or drop (determined by configuration 2). If it is forward, go to step S716; if it is drop, go to step S718.
  • Step S716: all line cards write registers so that MAC address learning is no longer allowed in the virtual local area network X, and packets whose source MAC has not been learned are forwarded directly. At this point only MAC address learning in the virtual local area network X is restricted; packets of the learned MAC addresses can be forwarded normally, the MAC addresses of other virtual LANs can still be learned normally, and their packets can be forwarded normally.
  • Step S718: all line cards set the hardware (driver) so that MAC address learning is no longer allowed in the virtual local area network X, and packets whose source MAC address has not been learned are discarded. At this point only MAC learning in the virtual local area network X is restricted; packets of the learned MAC addresses can be forwarded normally, the MAC addresses of other virtual local area networks can still be learned normally, and their packets can be forwarded normally.
  • Step S720: after the number of MAC addresses (i.e., y) in the virtual LAN X managed by the software of the master of the rack switch has been found to reach the threshold LIMITx of configuration 1, determine whether the total number of MAC addresses in virtual LAN X has become less than LIMITx because MACs were manually deleted or for some other reason (such as MAC aging). If yes, go to step S722; if not, continue monitoring and return to step S720.
  • Step S722: the master of the rack switch sends all line cards a message releasing the MAC address limit in the virtual local area network X, and all packets resume normal forwarding.
  • the MAC addresses of other virtual LANs can still be learned normally, and all packets can be forwarded normally.
  • Step S724: after receiving the message sent by the master, all line cards set the hardware (driver) to allow MAC address learning in the virtual local area network X, and all packets resume normal forwarding. Then return to step S710.
  • FIG. 8 is a flowchart of a method for learning a MAC address in a virtual local area network of a switch according to a preferred embodiment of the present invention.
  • the preferred embodiment corresponds to a dynamic limit setting manner in the foregoing content. As shown in FIG. 8, the process includes:
  • Step 802: the switch configures n (n>1) virtual local area networks.
  • Step 806: when the sum of MACs learned in all VLANs reaches the watermark (total number of MAC addresses * a%), skip to step 808; when the sum of MACs learned in all VLANs reaches the watermark (total number of MAC addresses * b%) (b>a), skip to step 812.
  • Step 808: the number of MAC addresses in every VLAN is checked, and different limits are applied to different VLANs. For example, if the number of MAC addresses in a VLAN is greater than or equal to (the total number of MAC addresses / n), set the MAC address limit value in the VLAN to (the total number of MAC addresses * a%), and then skip to step 810; if the number of MAC addresses in a VLAN is less than (the total number of MAC addresses / n), set the limit value of the number of MACs in the VLAN to (the total number of MAC addresses), that is, MAC learning within the VLAN is not restricted.
  • Step 810: determine whether the MACs in the priority range of the current configuration 4 are allowed to continue learning. If allowed, continue to allow MAC learning by setting the hardware; if prohibited, disable MAC learning for that MAC range by setting the hardware.
  • Step 812: the number of MACs in every VLAN is checked, and different limits are applied to different VLANs. If the number of MAC addresses in a VLAN is greater than or equal to (the total number of MAC addresses * a%), set the MAC limit value in the VLAN to the number of MACs currently learned by the VLAN, and skip to step 814; if the number is less than (the total number of MAC addresses * a%), continue to determine whether the number of MAC addresses in the VLAN is greater than or equal to (the total number of MAC addresses / n): if the number of MACs in the VLAN is greater than or equal to (the total number of MAC addresses / n), set the MAC limit value in the VLAN to (the total number of MAC addresses * a%), and skip to step 814; if the number of MACs in the VLAN is less than (the total number of MAC addresses / n), then set the MAC limit value in the VLAN (the total number of MAC addresses
  • Step 814: perform fast aging on the VLANs that have occupied more MAC resources, speeding up the aging process and deleting MAC addresses that have not been updated for a long time.
  • an embodiment of the present invention further provides a computer readable storage medium storing computer executable instructions, which are implemented when executed by a processor.
  • each module/unit in the above embodiment may be implemented in the form of hardware, for example, by an integrated circuit that implements its corresponding function, or may be implemented in the form of a software function module, for example, by a processor executing program instructions stored in memory to achieve the corresponding function. This application is not limited to any specific combination of hardware and software.
  • the technical solution provided by the embodiment of the present invention determines whether the number of learned MAC addresses in the virtual local area network reaches a limit condition, wherein the limit condition is one of the following: a preset threshold or a preset dynamic watermark value; if the number of MAC addresses learned in the virtual local area network reaches the limit condition, learning of MAC addresses received after the limit condition is reached is stopped, and the packets of MAC addresses received after the limit condition is reached are processed in a preset manner, where the preset manner includes one of the following: forwarding or discarding. This solves the problem that the related technology cannot control MAC address learning in the switch virtual local area network, thereby achieving the effect of improving the stability of the virtual local area network.

Abstract

Disclosed are a method and apparatus for learning a MAC address in a virtual local area network of a switch. The method comprises: determining whether a quantity of MAC addresses learned in a virtual local area network reaches a limiting condition, the limiting condition comprising one of the following: a preset threshold or a preset dynamic level; and if it is determined that the quantity of MAC addresses learned in the virtual local area network reaches the limiting condition, stopping learning a MAC address that is received after the limiting condition is reached, and processing, in a preset manner, a packet corresponding to the MAC address that is received after the limiting condition is reached, the preset manner comprising one of the following: forwarding or discarding.

Description

Method and device for learning a MAC address in a virtual local area network of a switch
Technical field
This document relates to, but is not limited to, the field of communication technologies, and in particular to a method and device for learning a MAC address in a virtual local area network of a switch.
Background
The MAC (Media Access Control) protocol sits in the data link layer of the seven-layer OSI (Open System Interconnection) model and is mainly responsible for controlling and connecting to the physical medium of the physical layer. In a traditional local area network, the physical layer of each transmission medium corresponds to its own MAC layer, and the networks in common use today adopt the IEEE 802.3 MAC layer standard. The key to the MAC protocol is the MAC address (that is, the physical address), and in every network device MAC addresses are a limited resource.
In a data network, a network device is partitioned into virtual local area networks (Virtual Local Area Network, VLAN for short) so that communication in different virtual local area networks does not interfere. Broadcast and unicast traffic inside one VLAN is not forwarded to other VLANs, which helps control traffic, reduce equipment investment, simplify network management, and improve network security. If a MAC address flooding attack occurs in one VLAN and that virtual local area network occupies all of the network device's MAC address resources, not only is communication inside that virtual local area network affected, but the normal operation of other virtual local area networks is affected as well.
In the related art, a commonly used network device is the rack switch, a slot-based switch that is widely used in communication networks because of its good scalability. FIG. 1 is a schematic structural diagram of a rack switch in the related art. As shown in FIG. 1, a rack switch consists of multiple line card processors and a main control processor. The hardware (that is, the programmable logic device) cannot enforce a unified limit on the physical addresses within a given virtual local area network across the whole rack switch, so the number of MAC addresses in a given virtual local area network of the rack switch cannot be controlled accurately, which affects the normal operation of other VLANs.
For the problem in the related art that MAC address learning in a switch's virtual local area network cannot be controlled, no effective solution has yet been proposed.
Summary of the invention
The following is an overview of the subject matter described in detail in this document. This overview is not intended to limit the scope of the claims.
Embodiments of the present invention provide a method and device for learning a MAC address in a virtual local area network of a switch, to at least solve the problem in the related art that MAC address learning in a switch's virtual local area network cannot be controlled.
An embodiment of the present invention provides a method for learning a MAC address in a virtual local area network of a switch, including: determining whether the number of MAC addresses learned in the virtual local area network reaches a limiting condition, where the limiting condition includes one of the following: a preset threshold, a preset dynamic watermark value; and, when it is determined that the number of MAC addresses learned in the virtual local area network reaches the limiting condition, stopping learning MAC addresses received after the limiting condition is reached, and processing, in a preset manner, the packets of the MAC addresses received after the limiting condition is reached, where the preset manner includes one of the following: forwarding, discarding.
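
The preset-threshold case of this method, modelled as an added Python example (it is not code from the patent): learning in a VLAN stops once its table reaches the threshold, frames from unlearned sources are then forwarded or dropped, and learning resumes when aging brings the count back under the threshold. The class names, the threshold of 4 and the sample MAC addresses are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, Iterable

FORWARD, DROP = "forward", "drop"  # the two preset manners named in the text


@dataclass
class Vlan:
    limit: int                                            # preset threshold (LIMITx)
    table: Dict[str, int] = field(default_factory=dict)   # learned MAC -> port
    learning: bool = True                                 # False once the limit is reached


class Switch:
    """Software model of per-VLAN MAC learning with a preset threshold."""

    def __init__(self, limits: Dict[int, int], over_limit: str = DROP):
        if over_limit not in (FORWARD, DROP):
            raise ValueError("over_limit must be 'forward' or 'drop'")
        self.vlans = {vid: Vlan(limit, learning=limit > 0)
                      for vid, limit in limits.items()}
        self.over_limit = over_limit

    def receive(self, vid: int, src_mac: str, port: int) -> str:
        """Handle one frame; return 'known', 'learned', 'forwarded' or 'dropped'."""
        vlan = self.vlans[vid]
        if src_mac in vlan.table:          # already learned: refresh the port
            vlan.table[src_mac] = port
            return "known"
        if vlan.learning:
            vlan.table[src_mac] = port
            # Reaching the threshold closes learning for this VLAN only.
            vlan.learning = len(vlan.table) < vlan.limit
            return "learned"
        # Limit reached: the source is not learned, the frame follows the policy.
        return "forwarded" if self.over_limit == FORWARD else "dropped"

    def age_out(self, vid: int, macs: Iterable[str]) -> None:
        """Remove aged or deleted entries and reopen learning if under the limit."""
        vlan = self.vlans[vid]
        for mac in macs:
            vlan.table.pop(mac, None)
        vlan.learning = len(vlan.table) < vlan.limit


def simulate(over_limit: str = DROP) -> dict:
    """Constructed traffic: many distinct sources in VLAN 10, two hosts in VLAN 20."""
    sw = Switch({10: 4, 20: 4}, over_limit)
    flood = Counter(sw.receive(10, f"02:00:00:00:00:{i:02x}", 1) for i in range(50))
    vlan20 = [sw.receive(20, mac, 2)
              for mac in ("02:00:00:00:01:01", "02:00:00:00:01:02")]
    sw.age_out(10, ["02:00:00:00:00:00"])          # one entry ages out of VLAN 10
    after_aging = sw.receive(10, "02:00:00:00:02:01", 3)
    return {
        "flood": dict(flood),
        "vlan20": vlan20,
        "after_aging": after_aging,
        "vlan10_size": len(sw.vlans[10].table),
    }


if __name__ == "__main__":
    print(simulate(DROP))
    print(simulate(FORWARD))
```
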
Optionally, if the limiting condition is a preset dynamic watermark value, determining whether the number of MAC addresses learned in the virtual local area network reaches the limiting condition includes: counting the sum of the MAC addresses learned in all the virtual local area networks of the switch to obtain a first total MAC address; and determining whether the first total MAC address reaches a first preset dynamic watermark value, where the first preset dynamic watermark value is the product of a second total MAC address and a first preset dynamic watermark percentage, and the second total MAC address is the sum of the MAC addresses in all the virtual local area networks; when it is determined that the first total MAC address reaches the first preset dynamic watermark value, it is determined that the number of MAC addresses learned in the virtual local area network reaches the limiting condition.
Optionally, determining whether the number of MAC addresses learned in the virtual local area network reaches the limiting condition further includes: when it is determined that the first total MAC address does not reach the first preset dynamic watermark value, determining whether the first total MAC address reaches a second preset dynamic watermark value, where the second preset dynamic watermark value is the product of the second total MAC address and a second preset dynamic watermark percentage, and the second preset dynamic watermark value is smaller than the first preset dynamic watermark value; when it is determined that the first total MAC address reaches the second preset dynamic watermark value, it is determined that the number of MAC addresses learned in the virtual local area network reaches the limiting condition.
Optionally, when it is determined that the first total MAC address reaches the first preset dynamic watermark value, the method further includes: acquiring the number of MAC addresses in each of the virtual local area networks; determining whether the number of MAC addresses in a first target virtual local area network among all the virtual local area networks is greater than or equal to the first preset dynamic watermark value; when it is determined that the number of MAC addresses in the first target virtual local area network is greater than or equal to the first preset dynamic watermark value, setting the limit value of the number of MAC addresses in the first target virtual local area network to the number of MAC addresses learned in the first target virtual local area network, and deleting the MAC addresses learned in the first target virtual local area network but not used within a preset time period; when it is determined that the number of MAC addresses in the first target virtual local area network is less than the first preset dynamic watermark value, determining whether the number of MAC addresses in the first target virtual local area network is greater than or equal to a MAC address average, where the MAC address average is the quotient of the second total MAC address and the number of all the virtual local area networks; when it is determined that the number of MAC addresses in the first target virtual local area network is greater than or equal to the MAC address average, setting the limit value of the number of MAC addresses in the first target virtual local area network to a second preset dynamic watermark value, and deleting the MAC addresses learned in the first target virtual local area network but not used within the preset time period, where the second preset dynamic watermark value is the product of the second total MAC address and a second preset dynamic watermark percentage, and the second preset dynamic watermark value is smaller than the first preset dynamic watermark value; and when it is determined that the number of MAC addresses in the first target virtual local area network is less than the MAC address average, setting the limit value of the number of MAC addresses in the first target virtual local area network to the MAC address average.
Optionally, when it is determined that the first total MAC address reaches the second preset dynamic watermark value, the method further includes: acquiring the number of MAC addresses in each of the virtual local area networks; determining whether the number of MAC addresses in a second target virtual local area network among all the virtual local area networks is greater than or equal to the MAC address average, where the MAC address average is the quotient of the second total MAC address and the number of all the virtual local area networks; when it is determined that the number of MAC addresses in the second target virtual local area network is greater than or equal to the MAC address average, setting the limit value of the number of MAC addresses in the second target virtual local area network to the first preset dynamic watermark value; and when it is determined that the number of MAC addresses in the second target virtual local area network is less than the MAC address average, setting the limit value of the number of MAC addresses in the second target virtual local area network to the second total MAC address.
可选地,在设置所述第二目标虚拟局域网内MAC地址数量的限制值为所述第一预设动态水线值之后,所述方法还包括:确定所述第二目标虚拟局域网处于的优先级范围,其中,所述优先级范围用于指示是否继续学习所述第二目标虚拟局域网内的MAC地址。Optionally, after setting a limit value of the number of MAC addresses in the second target virtual local area network to the first preset dynamic watermark value, the method further includes: determining that the second target virtual local area network is in a priority a range of ranges, wherein the priority range is used to indicate whether to continue learning MAC addresses in the second target virtual local area network.
An embodiment of the present invention provides an apparatus for learning MAC addresses in a VLAN of a switch, including: a first determining module, configured to determine whether the number of MAC addresses learned in a VLAN reaches a limit condition, where the limit condition includes one of the following: a preset threshold, a preset dynamic watermark value; and a processing module, configured to, in a case where it is determined that the number of MAC addresses learned in the VLAN reaches the limit condition, stop learning MAC addresses received after the limit condition is reached, and process packets carrying the MAC addresses received after the limit condition is reached in a preset manner, where the preset manner includes one of the following: forwarding, discarding.
Optionally, if the limit condition is the preset dynamic watermark value, the first determining module includes: a statistics unit, configured to sum the MAC addresses learned in all the VLANs of the switch to obtain a first total MAC address count; and a first determining unit, configured to determine whether the first total MAC address count reaches a first preset dynamic watermark value, where the first preset dynamic watermark value is the product of a second total MAC address count and a first preset dynamic watermark percentage, and the second total MAC address count is the sum of the MAC addresses in all the VLANs, and where, in a case where it is determined that the first total MAC address count reaches the first preset dynamic watermark value, it is determined that the number of MAC addresses learned in the VLAN reaches the limit condition.
Optionally, the first determining module further includes: a second determining unit, configured to, in a case where it is determined that the first total MAC address count does not reach the first preset dynamic watermark value, determine whether the first total MAC address count reaches a second preset dynamic watermark value, where the second preset dynamic watermark value is the product of the second total MAC address count and a second preset dynamic watermark percentage, and the second preset dynamic watermark value is smaller than the first preset dynamic watermark value, and where, in a case where it is determined that the first total MAC address count reaches the second preset dynamic watermark value, it is determined that the number of MAC addresses learned in the VLAN reaches the limit condition.
Optionally, the apparatus further includes: a first acquiring module, configured to acquire the number of MAC addresses in each of all the VLANs in a case where it is determined that the first total MAC address count reaches the first preset dynamic watermark value; a second determining module, configured to determine whether the number of MAC addresses in a first target VLAN among all the VLANs is greater than or equal to the first preset dynamic watermark value; a first setting module, configured to, in a case where it is determined that the number of MAC addresses in the first target VLAN is greater than or equal to the first preset dynamic watermark value, set the limit value of the number of MAC addresses in the first target VLAN to the number of MAC addresses learned in the first target VLAN, and delete the MAC addresses learned in the first target VLAN but not used within a preset time period; a third determining module, configured to, in a case where it is determined that the number of MAC addresses in the first target VLAN is smaller than the first preset dynamic watermark value, determine whether the number of MAC addresses in the first target VLAN is greater than or equal to a MAC address average value, where the MAC address average value is the quotient of the second total MAC address count and the number of all the VLANs; a second setting module, configured to, in a case where it is determined that the number of MAC addresses in the first target VLAN is greater than or equal to the MAC address average value, set the limit value of the number of MAC addresses in the first target VLAN to a second preset dynamic watermark value, and delete the MAC addresses learned in the first target VLAN but not used within the preset time period, where the second preset dynamic watermark value is the product of the second total MAC address count and a second preset dynamic watermark percentage, and the second preset dynamic watermark value is smaller than the first preset dynamic watermark value; and a third setting module, configured to, in a case where it is determined that the number of MAC addresses in the first target VLAN is smaller than the MAC address average value, set the limit value of the number of MAC addresses in the first target VLAN to the MAC address average value.
Further, the apparatus further includes: a second acquiring module, configured to acquire the number of MAC addresses in each of all the VLANs in a case where it is determined that the first total MAC address count reaches the second preset dynamic watermark value; a fourth determining module, configured to determine whether the number of MAC addresses in a second target VLAN among all the VLANs is greater than or equal to a MAC address average value, where the MAC address average value is the quotient of the second total MAC address count and the number of all the VLANs; a fourth setting module, configured to, in a case where it is determined that the number of MAC addresses in the second target VLAN is greater than or equal to the MAC address average value, set the limit value of the number of MAC addresses in the second target VLAN to the first preset dynamic watermark value; and a fifth setting module, configured to, in a case where it is determined that the number of MAC addresses in the second target VLAN is smaller than the MAC address average value, set the limit value of the number of MAC addresses in the second target VLAN to the second total MAC address count.
Further, the apparatus further includes: a determination module, configured to, after the limit value of the number of MAC addresses in the second target VLAN is set to the first preset dynamic watermark value, determine the priority range to which the second target VLAN belongs, where the priority range is used to indicate whether to continue learning MAC addresses in the second target VLAN.
An embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions, where the computer-executable instructions, when executed by a processor, implement the above method.
According to the present invention, it is determined whether the number of MAC addresses learned in a VLAN reaches a limit condition, where the limit condition is one of the following: a preset threshold and a preset dynamic watermark value; and in a case where it is determined that the number of MAC addresses learned in the VLAN reaches the limit condition, learning of MAC addresses received after the limit condition is reached is stopped, and packets carrying the MAC addresses received after the limit condition is reached are processed in a preset manner, where the preset manner includes one of the following: forwarding or discarding. This solves the problem in the related art that MAC address learning in a VLAN of a switch cannot be controlled, and thereby improves the operating stability of the VLAN.
Other aspects will become apparent upon reading and understanding the drawings and the detailed description.
Brief Description of the Drawings
FIG. 1 is a schematic structural diagram of a rack switch in the related art;
FIG. 2 is a flowchart of a method for learning MAC addresses in a VLAN of a switch according to an embodiment of the present invention;
FIG. 3 is a structural block diagram of an apparatus for learning MAC addresses in a VLAN of a switch according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of MAC limit priority classification according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of the dynamic watermarks for MAC limits in a VLAN according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of communication in a rack switch according to an embodiment of the present invention;
FIG. 7 is a flowchart of a method for learning MAC addresses in a VLAN of a switch according to a preferred embodiment of the present invention (corresponding to the user setting mode);
FIG. 8 is a flowchart of a method for learning MAC addresses in a VLAN of a switch according to a preferred embodiment of the present invention (corresponding to the dynamic limit setting mode).
Embodiments of the Invention
Embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be noted that, provided there is no conflict, the embodiments in this application and the features in the embodiments may be combined with each other arbitrarily.
It should be noted that the terms "first", "second" and the like in the specification, the claims and the above drawings of the present invention are used to distinguish similar objects, and are not necessarily used to describe a particular order or sequence.
This embodiment provides a method for learning MAC addresses in a VLAN of a switch. FIG. 2 is a flowchart of the method for learning MAC addresses in a VLAN of a switch according to an embodiment of the present invention. As shown in FIG. 2, the process includes the following steps:
Step S202: determine whether the number of MAC addresses learned in a VLAN reaches a limit condition, where the limit condition includes one of the following: a preset threshold, a preset dynamic watermark value.
Step S204: in a case where it is determined that the number of MAC addresses learned in the VLAN reaches the limit condition, stop learning MAC addresses received after the limit condition is reached, and process packets carrying the MAC addresses received after the limit condition is reached in a preset manner, where the preset manner includes one of the following: forwarding, discarding.
Through the above steps, the number of MAC addresses learned in a VLAN, under different circumstances, is compared with the limit condition corresponding to that VLAN. When the number of MAC addresses learned in the VLAN reaches its corresponding limit condition, MAC address learning in that VLAN is stopped in order to avoid affecting the operation of other VLANs, and packets received after the limit condition is exceeded are discarded or forwarded. This solves the problem in the related art that MAC address learning in a VLAN of a switch cannot be controlled, and thereby improves the operating stability of the VLAN.
If the scale of the VLAN is known, the limit condition is the preset threshold; if the scale of the VLAN is unknown, the limit condition is the preset dynamic watermark value.
In this embodiment, if the limit condition is the preset dynamic watermark value, the preset dynamic watermark value includes a first preset dynamic watermark value, and determining whether the number of MAC addresses learned in the VLAN reaches the limit condition includes: summing the MAC addresses learned in all the VLANs of the switch to obtain a first total MAC address count; and determining whether the first total MAC address count reaches the first preset dynamic watermark value, where the first preset dynamic watermark value is the product of a second total MAC address count and a first preset dynamic watermark percentage, and the second total MAC address count is the sum of the MAC addresses in all the VLANs. In a case where it is determined that the first total MAC address count reaches the first preset dynamic watermark value, it is determined that the number of MAC addresses learned in the VLAN reaches the limit condition. The first preset dynamic watermark percentage can be set as required, for example: 70%.
In this embodiment, the preset dynamic watermark value further includes a second preset dynamic watermark value, and determining whether the number of MAC addresses learned in the VLAN reaches the limit condition further includes: in a case where it is determined that the first total MAC address count does not reach the first preset dynamic watermark value, determining whether the first total MAC address count reaches the second preset dynamic watermark value, where the second preset dynamic watermark value is the product of the second total MAC address count and a second preset dynamic watermark percentage, and the second preset dynamic watermark value is smaller than the first preset dynamic watermark value. In a case where it is determined that the first total MAC address count reaches the second preset dynamic watermark value, it is determined that the number of MAC addresses learned in the VLAN reaches the limit condition. The second dynamic watermark percentage can also be set as required, but must be smaller than the first dynamic watermark percentage, for example: 50%.
In this embodiment, in a case where it is determined that the first total MAC address count reaches the first preset dynamic watermark value, the method further includes the following steps:
Step S1: acquire the number of MAC addresses in each of all the VLANs.
Step S2: determine whether the number of MAC addresses in a first target VLAN among all the VLANs is greater than or equal to the first preset dynamic watermark value.
Step S3: in a case where it is determined that the number of MAC addresses in the first target VLAN is greater than or equal to the first preset dynamic watermark value, set the limit value of the number of MAC addresses in the first target VLAN to the number of MAC addresses learned in the first target VLAN, and delete the MAC addresses learned in the first target VLAN but not used within a preset time period. That is, after the limit value of the number of MAC addresses in the first target VLAN is set, the aging of MAC addresses already learned in the first target VLAN is also accelerated, so that users who have occupied resources for a long time but have not been active for a long time go offline, and MAC addresses that occupy resources as a result of malicious attacks are aged out faster.
Step S4: in a case where it is determined that the number of MAC addresses in the first target VLAN is smaller than the first preset dynamic watermark value, determine whether the number of MAC addresses in the first target VLAN is greater than or equal to the MAC address average value, where the MAC address average value is the quotient of the second total MAC address count and the number of all the VLANs.
Step S5: in a case where it is determined that the number of MAC addresses in the first target VLAN is greater than or equal to the MAC address average value, set the limit value of the number of MAC addresses in the first target VLAN to the second preset dynamic watermark value, and delete the MAC addresses learned in the first target VLAN but not used within the preset time period, where the second preset dynamic watermark value is the product of the second total MAC address count and the second preset dynamic watermark percentage, and the second preset dynamic watermark value is smaller than the first preset dynamic watermark value.
Step S6: in a case where it is determined that the number of MAC addresses in the first target VLAN is smaller than the MAC address average value, set the limit value of the number of MAC addresses in the first target VLAN to the MAC address average value.
It should be noted that, in a case where it is determined that the first total MAC address count reaches the first preset dynamic watermark value, the limit value of the number of MAC addresses is set for every VLAN among all the VLANs by performing steps S1 to S6 above; that is, each VLAN among all the VLANs is taken in turn as the first target VLAN for performing steps S1 to S6.
In this embodiment, in a case where it is determined that the first total MAC address count reaches the second preset dynamic watermark value, the method further includes the following steps:
Step S7: acquire the number of MAC addresses in each of all the VLANs.
Step S8: determine whether the number of MAC addresses in a second target VLAN among all the VLANs is greater than or equal to the MAC address average value, where the MAC address average value is the quotient of the second total MAC address count and the number of all the VLANs.
Step S9: in a case where it is determined that the number of MAC addresses in the second target VLAN is greater than or equal to the MAC address average value, set the limit value of the number of MAC addresses in the second target VLAN to the first preset dynamic watermark value.
Step S10: in a case where it is determined that the number of MAC addresses in the second target VLAN is smaller than the MAC address average value, set the limit value of the number of MAC addresses in the second target VLAN to the second total MAC address count.
It should be noted that, in a case where it is determined that the first total MAC address count reaches the second preset dynamic watermark value, the limit value of the number of MAC addresses is set for every VLAN among all the VLANs by performing steps S7 to S10 above; that is, each VLAN among all the VLANs is taken in turn as the second target VLAN for performing steps S7 to S10.
In this embodiment, after the limit value of the number of MAC addresses in the second target VLAN is set to the first preset dynamic watermark value, the method further includes: determining the priority range to which the second target VLAN belongs, where the priority range is used to indicate whether to continue learning MAC addresses in the second target VLAN. That is, if the second target VLAN is in a higher priority range, it can continue to learn MAC addresses; if the second target VLAN is in a lower priority range, it stops learning MAC addresses.
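The limit-setting procedure of steps S1 to S10 and the stop-learning rule of step S204, as an added Python example that is not code from the patent. The names `VlanLimit`, `compute_limits` and `on_unknown_source` are hypothetical; the example assumes the second total MAC address count is the switch's total MAC table capacity, uses integer division for the watermarks and the average, and does not model the priority range.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class VlanLimit:
    limit: int              # cap on learned MAC addresses for this VLAN
    accelerate_aging: bool  # delete entries unused within the preset period


def compute_limits(learned: Dict[int, int], capacity: int,
                   first_pct: int = 70,
                   second_pct: int = 50) -> Optional[Dict[int, VlanLimit]]:
    """Return per-VLAN limits, or None if neither watermark is reached.

    learned  -- VLAN id -> number of MAC addresses currently learned
    capacity -- the "second total MAC address count" (assumed here to be
                the total MAC table capacity of the switch)
    """
    if not learned or capacity <= 0:
        raise ValueError("need at least one VLAN and a positive capacity")
    if not 0 < second_pct < first_pct <= 100:
        raise ValueError("second percentage must be below the first")

    first_wm = capacity * first_pct // 100    # first dynamic watermark value
    second_wm = capacity * second_pct // 100  # second dynamic watermark value
    average = capacity // len(learned)        # MAC address average value
    total = sum(learned.values())             # first total MAC address count

    limits: Dict[int, VlanLimit] = {}
    if total >= first_wm:
        # Steps S1-S6: every VLAN is taken in turn as the first target VLAN.
        for vid, count in learned.items():
            if count >= first_wm:        # S3: freeze at current size, age out
                limits[vid] = VlanLimit(count, True)
            elif count >= average:       # S5: cap at second watermark, age out
                limits[vid] = VlanLimit(second_wm, True)
            else:                        # S6: small VLAN, cap at the average
                limits[vid] = VlanLimit(average, False)
        return limits
    if total >= second_wm:
        # Steps S7-S10: every VLAN is taken in turn as the second target VLAN.
        for vid, count in learned.items():
            if count >= average:         # S9: cap at first watermark
                limits[vid] = VlanLimit(first_wm, False)
            else:                        # S10: cap at the second total
                limits[vid] = VlanLimit(capacity, False)
        return limits
    return None


def on_unknown_source(current: int, limit: int,
                      overflow_action: str = "drop") -> str:
    """Step S204: learn below the limit, otherwise forward or drop."""
    if overflow_action not in ("forward", "drop"):
        raise ValueError("overflow_action must be 'forward' or 'drop'")
    return "learn" if current < limit else overflow_action


if __name__ == "__main__":
    # Constructed sample: four VLANs on a switch with 2000 table entries.
    sample = {10: 1400, 20: 520, 30: 40, 40: 10}
    for vid, decision in compute_limits(sample, 2000).items():
        print(vid, decision)
```

In the constructed sample, VLAN 10 alone has reached the first watermark, so it is frozen at its current size and aged faster, while the small VLANs 30 and 40 keep room to grow up to the average.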
This embodiment further provides an apparatus for learning MAC addresses in a VLAN of a switch. The apparatus is used to implement the above embodiments and preferred implementations, and what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
FIG. 3 is a structural block diagram of the apparatus for learning MAC addresses in a VLAN of a switch according to an embodiment of the present invention. As shown in FIG. 3, the apparatus includes:
a first determining module 32, configured to determine whether the number of MAC addresses learned in a VLAN reaches a limit condition, where the limit condition includes one of the following: a preset threshold, a preset dynamic watermark value.
a processing module 34, configured to, in a case where it is determined that the number of MAC addresses learned in the VLAN reaches the limit condition, stop learning MAC addresses received after the limit condition is reached, and process packets carrying the MAC addresses received after the limit condition is reached in a preset manner, where the preset manner includes one of the following: forwarding, discarding.
Through the above apparatus, the number of MAC addresses learned in a VLAN, under different circumstances, is compared with the limit condition corresponding to that VLAN. When the number of MAC addresses learned in the VLAN reaches its corresponding limit condition, MAC address learning in that VLAN is stopped in order to avoid affecting the operation of other VLANs, and packets received after the limit condition is exceeded are discarded or forwarded. This solves the problem in the related art that MAC address learning in a VLAN of a switch cannot be controlled, and thereby improves the operating stability of the VLAN.
If the scale of the VLAN is known, the limit condition is the preset threshold; if the scale of the VLAN is unknown, the limit condition is the preset dynamic watermark value.
In this embodiment, if the limit condition is the preset dynamic watermark value, the preset dynamic watermark value includes a first preset dynamic watermark value, and the first determining module 32 includes a statistics unit and a first determining unit, where:
The statistics unit is configured to sum the MAC addresses learned in all the VLANs of the switch to obtain a first total MAC address count.
The first determining unit is configured to determine whether the first total MAC address count reaches the first preset dynamic watermark value, where the first preset dynamic watermark value is the product of a second total MAC address count and a first preset dynamic watermark percentage, and the second total MAC address count is the sum of the MAC addresses in all the VLANs. In a case where it is determined that the first total MAC address count reaches the first preset dynamic watermark value, it is determined that the number of MAC addresses learned in the VLAN reaches the limit condition. The first preset dynamic watermark percentage can be set as required, for example: 70%.
In this embodiment, the preset dynamic watermark value further includes a second preset dynamic watermark value, and the first determining module 32 further includes a second determining unit, where:
The second determining unit is configured to, in a case where it is determined that the first total MAC address count does not reach the first preset dynamic watermark value, determine whether the first total MAC address count reaches the second preset dynamic watermark value, where the second preset dynamic watermark value is the product of the second total MAC address count and a second preset dynamic watermark percentage, and the second preset dynamic watermark value is smaller than the first preset dynamic watermark value. In a case where it is determined that the first total MAC address count reaches the second preset dynamic watermark value, it is determined that the number of MAC addresses learned in the VLAN reaches the limit condition. The second dynamic watermark percentage can also be set as required, but must be smaller than the first dynamic watermark percentage, for example: 50%.
In this embodiment, the apparatus further includes a first obtaining module, a second determining module, a first setting module, a third determining module, a second setting module, and a third setting module, where:
The first obtaining module is configured to obtain, when the first total MAC address count is determined to have reached the first preset dynamic watermark value, the number of MAC addresses in each of the virtual local area networks.
The second determining module is configured to determine whether the number of MAC addresses in a first target virtual local area network, among all the virtual local area networks, is greater than or equal to the first preset dynamic watermark value.
The first setting module is configured to, when the number of MAC addresses in the first target virtual local area network is determined to be greater than or equal to the first preset dynamic watermark value, set the limit on the number of MAC addresses in the first target virtual local area network to the number of MAC addresses already learned in it, and delete the MAC addresses that were learned in the first target virtual local area network but have not been used within a preset time period. That is, after the limit is set, aging of the MAC addresses already learned in the first target virtual local area network is also accelerated, so that users who have long occupied resources without using them go offline, and MAC addresses with which malicious attacks occupy resources are aged out faster.
The third determining module is configured to determine, when the number of MAC addresses in the first target virtual local area network is determined to be smaller than the first preset dynamic watermark value, whether the number of MAC addresses in the first target virtual local area network is greater than or equal to the MAC address average, where the MAC address average is the quotient of the second total MAC address count and the number of virtual local area networks.
The second setting module is configured to, when the number of MAC addresses in the first target virtual local area network is determined to be greater than or equal to the MAC address average, set the limit on the number of MAC addresses in the first target virtual local area network to the second preset dynamic watermark value, and delete the MAC addresses that were learned in the first target virtual local area network but have not been used within the preset time period, where the second preset dynamic watermark value is the product of the second total MAC address count and the second preset dynamic watermark percentage, and the second preset dynamic watermark value is smaller than the first preset dynamic watermark value.
The third setting module is configured to, when the number of MAC addresses in the first target virtual local area network is determined to be smaller than the MAC address average, set the limit on the number of MAC addresses in the first target virtual local area network to the MAC address average.
It should be noted that, when the first total MAC address count is determined to have reached the first preset dynamic watermark value, every virtual local area network has its MAC address limit set by invoking the first obtaining module, the second determining module, the first setting module, the third determining module, the second setting module, and the third setting module. That is, each virtual local area network is taken in turn as the first target virtual local area network for these modules.
In this embodiment, the apparatus further includes a second obtaining module, a fourth determining module, a fourth setting module, and a fifth setting module, where:
The second obtaining module is configured to obtain, when the first total MAC address count is determined to have reached the second preset dynamic watermark value, the number of MAC addresses in each of the virtual local area networks.
The fourth determining module is configured to determine whether the number of MAC addresses in a second target virtual local area network, among all the virtual local area networks, is greater than or equal to the MAC address average, where the MAC address average is the quotient of the second total MAC address count and the number of virtual local area networks.
The fourth setting module is configured to, when the number of MAC addresses in the second target virtual local area network is determined to be greater than or equal to the MAC address average, set the limit on the number of MAC addresses in the second target virtual local area network to the first preset dynamic watermark value.
The fifth setting module is configured to, when the number of MAC addresses in the second target virtual local area network is determined to be smaller than the MAC address average, set the limit on the number of MAC addresses in the second target virtual local area network to the second total MAC address count.
It should be noted that, when the first total MAC address count is determined to have reached the second preset dynamic watermark value, every virtual local area network has its MAC address limit set by invoking the second obtaining module, the fourth determining module, the fourth setting module, and the fifth setting module. That is, each virtual local area network is taken in turn as the second target virtual local area network for these modules.
In this embodiment, the apparatus further includes a determining module configured to determine, after the limit on the number of MAC addresses in the second target virtual local area network has been set to the first preset dynamic watermark value, the priority range in which the second target virtual local area network falls, where the priority range indicates whether MAC addresses in the second target virtual local area network continue to be learned.
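The per-VLAN limit assignment performed by the obtaining, determining and setting modules above can be written as one function. This is an added example, not code from the patent; the names `assign_limits` and `VlanLimit`, the reading of the second total MAC address count as MAC table capacity, the floor rounding of the products and the quotient, and the sample counts are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VlanLimit:
    limit: int       # maximum number of MAC addresses the VLAN may hold
    fast_age: bool   # also delete entries unused within the preset period


def assign_limits(learned, capacity, first_pct=70, second_pct=50):
    """Return (tier, {vlan: VlanLimit}) following the module description.

    learned  : {vlan_id: MAC addresses currently learned in that VLAN}
    capacity : the "second total MAC address count", treated here as the
               MAC table capacity (an assumption of this example)
    """
    if not learned:
        raise ValueError("at least one VLAN is required")
    if not 0 < second_pct < first_pct <= 100:
        raise ValueError("second watermark must be below the first")

    total_learned = sum(learned.values())      # "first total MAC address count"
    first_wm = capacity * first_pct // 100     # first preset dynamic watermark
    second_wm = capacity * second_pct // 100   # second preset dynamic watermark
    average = capacity // len(learned)         # MAC address average

    limits = {}
    if total_learned >= first_wm:
        tier = "first"
        for vlan, count in learned.items():
            if count >= first_wm:
                # First setting module: freeze at the current count, age fast.
                limits[vlan] = VlanLimit(count, True)
            elif count >= average:
                # Second setting module: cap at the second watermark, age fast.
                limits[vlan] = VlanLimit(second_wm, True)
            else:
                # Third setting module: small VLANs keep an average share.
                limits[vlan] = VlanLimit(average, False)
    elif total_learned >= second_wm:
        tier = "second"
        for vlan, count in learned.items():
            if count >= average:
                # Fourth setting module: cap at the first watermark.
                limits[vlan] = VlanLimit(first_wm, False)
            else:
                # Fifth setting module: effectively unrestricted.
                limits[vlan] = VlanLimit(capacity, False)
    else:
        tier = "none"                          # below both watermarks
    return tier, limits


if __name__ == "__main__":
    # Constructed sample: VLAN 10 is being flooded, VLANs 20 and 30 are quiet.
    sample = {10: 600, 20: 90, 30: 20}
    tier, limits = assign_limits(sample, capacity=1000)
    print(tier)
    for vlan, lim in sorted(limits.items()):
        print(vlan, lim)
```

In the constructed sample, the flooded VLAN is capped and aged quickly while the quiet VLANs each keep an average share of the table, which is the isolation property the dynamic watermark is meant to provide.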
A detailed description follows with reference to the preferred embodiments and implementations.
If the scale of the virtual local area network is known, the method for learning MAC addresses in a switch virtual local area network may also be called the user configuration mode; if the scale is unknown, it may also be called the dynamic limit mode. That is, the method provided by this application has two implementations depending on user scale: for a known scale, the user configuration mode is adopted; for an unknown scale, the switch provides a dynamic limit mode. In both modes, once the limit is reached, MAC resources are controlled in the following three ways. Way 1: speed up aging, so that users who have long occupied resources without using them go offline, and MAC addresses with which malicious attacks occupy resources are aged out faster. Way 2: disable MAC learning in certain VLANs. Way 3: configure priorities for different MAC ranges, and apply different learning policies to different priorities.
However, both the user configuration mode and the dynamic limit mode require the user to perform some configuration first. Taking virtual local area network X as an example, the configuration is as follows:
Configuration 1: in user configuration mode, set the threshold on the number of MAC addresses in virtual local area network X of the rack switch to LIMITx.
Configuration 2: in user configuration mode, set whether, in virtual local area network X of the rack switch, packets whose source MAC addresses exceed the threshold once the number of MAC addresses reaches LIMITx are dropped (drop) or forwarded directly (forward).
Configuration 3: whether to enable the dynamic limit function for all VLANs; if enabled, autolimit=1; if disabled, autolimit=0.
Configuration 4: the user configures the dynamic watermark percentages. For example, the first dynamic watermark percentage is a% and the second dynamic watermark percentage is b%. It should be noted that two dynamic watermarks are defined for now, but the number is not limited to two.
Configuration 5: configure the MAC learning policy for different priority ranges, that is, whether MAC learning is allowed for virtual local area network X at that priority. If allowed, prioXlearn=1; if not allowed, prioXlearn=0. FIG. 4 is a schematic diagram of MAC limit priority classification according to an embodiment of the present invention; see FIG. 4 for the specific priority classification settings.
The user configuration mode uses configuration 1 together with configuration 2; the dynamic limit mode uses configuration 3, configuration 4, configuration 5, and configuration 2 together.
FIG. 5 is a schematic diagram of the dynamic watermarks for MAC limiting in virtual local area networks according to an embodiment of the present invention. As shown in FIG. 5, the dynamic limit mode counts the sum of the MACs in all VLANs of a network device (for example, a switch) and compares it with the dynamic watermarks configured by the user. Once a given watermark is reached, different MAC limits are set for different VLANs. This guarantees that every VLAN has usable MAC resources while allocating more MAC resources to the VLANs that need more, so that MAC resources are allocated more reasonably.
FIG. 6 is a schematic diagram of communication in a rack switch according to an embodiment of the present invention. With reference to FIG. 6, the operation of the main control side and the line card side of the rack switch in user configuration mode is described below.
Main control side:
The main control is chiefly responsible for counting the number of MAC addresses in each virtual local area network learned by all line cards. For a virtual local area network X on which configuration 1 is set, when the number of MAC addresses in X reaches the threshold LIMITx, the main control sends message 1 to all line cards: stop learning physical addresses in virtual local area network X. According to configuration 2, it also instructs all line cards to drop (if configuration 2 is drop) or forward directly (if configuration 2 is forward) the packets beyond the threshold. It also deletes the MAC addresses that are beyond the threshold but have already been reported to the main control.
When the number of MAC addresses in virtual local area network X is below the threshold, the main control sends message 2 to all line cards: enable physical address learning in virtual local area network X and do not drop packets.
Line card side:
After receiving packets with different source MAC addresses, the hardware of each line card reports the MAC address information to the line card CPU, which then sends a message to the CPU of the main control. After receiving message 1 from the main control, each line card sets its programmable logic device so that the hardware no longer reports MAC addresses beyond the threshold, and programs the driver to handle packets beyond the threshold according to configuration 2 (drop or forward directly). It also deletes the over-threshold MAC addresses that the main control tells it to delete.
After receiving message 2 from the main control side, each line card uses the programmable logic device to make the hardware enable MAC learning in that virtual local area network.
It should be noted that the programmable logic device should provide the following functions: 1. dropping packets that exceed the source MAC limit; 2. setting a VLAN-based source MAC limit threshold.
Taking a rack switch as an example, the operation of the main control side and the line card side in dynamic limit mode is as follows. After the function that dynamically limits the number of MACs in all VLANs is enabled, the main control must monitor in real time the total number of MACs currently learned across all VLANs. When that total reaches one of the watermarks, a policy is applied that sets different MAC limits for different VLANs, and the line cards are notified to program the hardware. For VLANs that occupy a large share of MAC resources, aging is accelerated so that MACs unused for a long time age out quickly and release MAC resources. In addition, according to the priorities set by configuration 5, MAC learning is kept for some priorities and disabled for some lower priorities. When the total falls below a given watermark, the limits that apply below that watermark are restored; when it falls below the lowest watermark, MAC learning is no longer limited, and the line cards are notified to program the hardware.
Taking a box switch as an example, the dynamic limit mode works as follows. After the function that dynamically limits the number of MACs in all VLANs is enabled, the switch CPU must monitor in real time the total number of MACs currently learned across all VLANs. When that total reaches one of the watermarks, a policy is applied that sets different MAC limits for different VLANs. For VLANs that occupy a large share of MAC resources, aging is accelerated so that MACs unused for a long time age out quickly and release MAC resources. In addition, according to the priorities set by configuration 5, MAC learning is kept for some priorities and disabled for some lower priorities. When the total falls below a given watermark, the limits that apply below that watermark are restored; when it falls below the lowest watermark, MAC learning is no longer limited.
FIG. 7 is a flowchart of a method for learning MAC addresses in a switch virtual local area network according to a preferred embodiment of the present invention. This preferred embodiment corresponds to the user configuration mode described above. As shown in FIG. 7, the flow includes:
Step S702: all line cards of the rack switch together receive packets with y distinct source MAC addresses in virtual local area network X, where y>=LIMITx.
Step S704: the chip on each line card reports the learned MACs to the line card's own CPU (central processing unit).
Step S706: the CPU of each line card reports the learned MAC address information (MAC address + VLAN + port number) to the main control of the rack switch over inter-board communication.
Step S708: the main control of the rack switch adds the received MAC messages to the MAC table in which software manages MAC addresses. This table records the information (MAC address + VLAN + port number) of every learned MAC address.
Step S710: monitor whether the number of MAC addresses (that is, y) in virtual local area network X, as managed by the software of the rack switch's main control, has reached LIMITx. If it has reached LIMITx, go to step S712; if not, continue monitoring and go to step S710.
Step S712: notify all line cards of the rack switch to disable MAC address learning in that VLAN.
Step S714: determine whether the current limit policy is forward or drop (as decided by configuration 2). If it is forward, go to step S716; if it is drop, go to step S718.
Step S716: all line cards program their registers so that no further MAC address learning is allowed in virtual local area network X and packets whose source MAC has not been learned are forwarded directly. At this point only MAC address learning in virtual local area network X is limited, and packets whose MAC addresses have already been learned are forwarded normally; MAC addresses in the other virtual local area networks can still be learned normally and their packets forwarded normally.
Step S718: all line cards program the hardware (driver) so that MAC address learning is not allowed in virtual local area network X and packets whose source MAC address has not been learned are dropped. At this point only MAC learning in virtual local area network X is limited, and packets whose MAC addresses have already been learned are forwarded normally; MACs in the other virtual local area networks can still be learned normally and their packets forwarded normally.
Step S720: after the number of MAC addresses (that is, y) in virtual local area network X, as managed by the software of the rack switch's main control, has reached the threshold LIMITx of configuration 1, determine whether, for some reason (such as MAC aging or manual deletion of MACs), the total number of MAC addresses in virtual local area network X has fallen below LIMITx. If so, go to step S722; if not, continue monitoring and go to step S720.
Step S722: the main control of the rack switch sends all line cards a message lifting the limit on the number of MAC addresses in virtual local area network X, and all packets resume normal forwarding. MAC addresses in the other virtual local area networks can still be learned normally, and all packets can be forwarded normally.
Step S724: after receiving the message from the main control, all line cards program the hardware (driver) to allow MAC address learning in virtual local area network X, and all packets resume normal forwarding. Then go to step S710.
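The behaviour of steps S710 to S724 can be simulated in software, as an added example that is not code from the patent. The class names, the string return values, the per-VLAN dictionary standing in for the MAC table, and the locally administered sample MAC addresses are all assumptions; line cards, inter-board messages and hardware registers are collapsed into method calls.

```python
class VlanMacLimiter:
    """MAC learning for one VLAN under a fixed threshold (LIMITx)."""

    def __init__(self, limit, over_limit_action="drop"):
        if limit < 1:
            raise ValueError("limit must be at least 1")
        if over_limit_action not in ("drop", "forward"):
            raise ValueError("configuration 2 must be 'drop' or 'forward'")
        self.limit = limit                          # configuration 1
        self.over_limit_action = over_limit_action  # configuration 2
        self.table = {}                             # source MAC -> port
        self.learning = True

    def _update_learning(self):
        # S710/S712: learning stops once the count reaches LIMITx.
        # S720-S724: learning resumes once the count is below LIMITx again.
        self.learning = len(self.table) < self.limit

    def receive(self, src_mac, port):
        """Return 'forward' or 'drop' for one frame."""
        if src_mac in self.table:
            return "forward"          # already learned: unaffected by the limit
        if self.learning:
            self.table[src_mac] = port
            self._update_learning()
            return "forward"
        return self.over_limit_action  # S716 (forward) or S718 (drop)

    def remove(self, src_mac):
        """Aging or manual deletion of one entry."""
        self.table.pop(src_mac, None)
        self._update_learning()


class Switch:
    """VLANs without configuration 1 learn without a limit."""

    def __init__(self):
        self.limited = {}     # vlan -> VlanMacLimiter
        self.unlimited = {}   # vlan -> {source MAC: port}

    def set_limit(self, vlan, limit, over_limit_action="drop"):
        self.limited[vlan] = VlanMacLimiter(limit, over_limit_action)

    def receive(self, vlan, src_mac, port):
        if vlan in self.limited:
            return self.limited[vlan].receive(src_mac, port)
        self.unlimited.setdefault(vlan, {})[src_mac] = port
        return "forward"


def flood(switch, vlan, count, port=1):
    """Send `count` frames with distinct constructed source MACs."""
    return [switch.receive(vlan, f"02:00:00:00:00:{i:02x}", port)
            for i in range(count)]


if __name__ == "__main__":
    sw = Switch()
    sw.set_limit(10, limit=3, over_limit_action="drop")
    print(flood(sw, 10, 5))   # three learned, then dropped
    print(flood(sw, 20, 5))   # VLAN 20 has no limit and is unaffected
```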
FIG. 8 is a flowchart of a method for learning MAC addresses in a switch virtual local area network according to a preferred embodiment of the present invention. This preferred embodiment corresponds to the dynamic limit mode described above. As shown in FIG. 8, the flow includes:
Step 802: the switch is configured with n (n>1) virtual local area networks.
Step 804: the switch CPU monitors in real time whether the sum of the MACs learned in all current VLANs reaches a dynamic watermark (assume a>=50%).
Step 806: when the sum of the MACs learned in all VLANs reaches the watermark (total MAC addresses * a%), go to step 808; when the sum of the MACs learned in all VLANs reaches the watermark (total MAC addresses * b%), where b>a, go to step 812.
Step 808: check the number of MACs in every VLAN and apply different limits to different VLANs. For example, if the number in a VLAN is greater than or equal to (total MAC addresses / n), set the limit on the number of MACs in that VLAN to (total MAC addresses * a%), then go to step 810; if the number of MACs in a VLAN is less than (total MAC addresses / n), set the limit on the number of MACs in that VLAN to (total MAC addresses), that is, MAC learning in that VLAN is not limited.
Step 810: determine whether MACs in this priority range under the current configuration 4 are allowed to continue to be learned. If allowed, program the hardware to keep allowing MAC learning; if prohibited, program the hardware to disable MAC learning for that MAC range.
Step 812: check the number of MACs in every VLAN and apply different limits to different VLANs. If the number in a VLAN is greater than or equal to (total MAC addresses * a%), set the MAC limit in that VLAN to the number of MACs the VLAN has currently learned, and go to step 814. If the number in a VLAN is less than (total MAC addresses * a%), further determine whether the number of MACs in that VLAN is greater than or equal to (total MAC addresses / n): if it is, set the MAC limit in that VLAN to (total MAC addresses * a%) and go to step 814; if it is less than (total MAC addresses / n), set the MAC limit in that VLAN to (total MAC addresses / n).
Step 814: for VLANs that already occupy a large share of MAC resources, apply fast aging: speed up aging and delete MAC addresses that have not been refreshed or used for a long time.
In addition, an embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement the above method.
A person of ordinary skill in the art will understand that all or some of the steps of the above method may be carried out by a program instructing the relevant hardware (for example, a processor), and that the program may be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk, or an optical disc. Optionally, all or some of the steps of the above embodiments may also be implemented with one or more integrated circuits. Accordingly, each module/unit in the above embodiments may be implemented in hardware, for example with an integrated circuit that performs its function, or as a software function module, for example with a processor executing program instructions stored in a memory. This application is not limited to any specific combination of hardware and software.
It should be noted that this application may have various other embodiments. Those skilled in the art may make corresponding changes and variations based on this application without departing from its spirit and essence, and all such changes and variations shall fall within the scope of protection of the claims appended to this application.
Industrial applicability
The technical solution provided by the embodiments of the present invention determines whether the number of MAC addresses learned in a virtual local area network reaches a limit condition, where the limit condition is one of the following: a preset threshold, or a preset dynamic watermark value. When the number of MAC addresses learned in the virtual local area network is determined to have reached the limit condition, learning of MAC addresses received after the limit condition is reached is stopped, and packets with MAC addresses received after the limit condition are handled in a preset manner, where the preset manner is one of the following: forwarding or dropping. This solves the problem in the related art that MAC address learning in a switch virtual local area network cannot be controlled, and thereby improves the operating stability of the virtual local area network.

Claims (12)

  1. A method for learning MAC addresses in a virtual local area network of a switch, comprising:
    determining whether the number of MAC addresses learned in a virtual local area network reaches a limit condition, wherein the limit condition comprises one of the following: a preset threshold, a preset dynamic watermark value;
    when it is determined that the number of MAC addresses learned in the virtual local area network reaches the limit condition, stopping learning of MAC addresses received after the limit condition is reached, and handling, in a preset manner, packets with MAC addresses received after the limit condition, wherein the preset manner comprises one of the following: forwarding, dropping.
  2. The method according to claim 1, wherein:
    if the limit condition is the preset dynamic watermark value, determining whether the number of MAC addresses learned in the virtual local area network reaches the limit condition comprises:
    counting the sum of the MAC addresses learned in all the virtual local area networks of the switch to obtain a first total MAC address count;
    determining whether the first total MAC address count reaches a first preset dynamic watermark value, wherein the first preset dynamic watermark value is the product of a second total MAC address count and a first preset dynamic watermark percentage, and the second total MAC address count is the sum of the MAC addresses in all the virtual local area networks,
    wherein, when it is determined that the first total MAC address count reaches the first preset dynamic watermark value, it is determined that the number of MAC addresses learned in the virtual local area network reaches the limit condition.
  3. The method according to claim 2, wherein:
    determining whether the number of MAC addresses learned in the virtual local area network reaches the limit condition further comprises:
    when it is determined that the first total MAC address does not reach the first preset dynamic watermark value, determining whether the first total MAC address reaches a second preset dynamic watermark value, wherein the second preset dynamic watermark value is the product of the second total MAC address and a second preset dynamic watermark percentage, and the second preset dynamic watermark value is less than the first preset dynamic watermark value,
    wherein, when it is determined that the first total MAC address reaches the second preset dynamic watermark value, it is determined that the number of MAC addresses learned in the virtual local area network reaches the limit condition.
  4. The method according to claim 2, wherein:
    when it is determined that the first total MAC address reaches the first preset dynamic watermark value, the method further comprises:
    obtaining the number of MAC addresses in each of all the virtual local area networks;
    determining whether the number of MAC addresses in a first target virtual local area network among all the virtual local area networks is greater than or equal to the first preset dynamic watermark value;
    when it is determined that the number of MAC addresses in the first target virtual local area network is greater than or equal to the first preset dynamic watermark value, setting the limit value of the number of MAC addresses in the first target virtual local area network to the number of MAC addresses learned in the first target virtual local area network, and deleting the MAC addresses that were learned in the first target virtual local area network but have not been used within a preset time period;
    when it is determined that the number of MAC addresses in the first target virtual local area network is less than the first preset dynamic watermark value, determining whether the number of MAC addresses in the first target virtual local area network is greater than or equal to a MAC address average, wherein the MAC address average is the quotient of the second total MAC address and the number of all the virtual local area networks;
    when it is determined that the number of MAC addresses in the first target virtual local area network is greater than or equal to the MAC address average, setting the limit value of the number of MAC addresses in the first target virtual local area network to a second preset dynamic watermark value, and deleting the MAC addresses that were learned in the first target virtual local area network but have not been used within the preset time period, wherein the second preset dynamic watermark value is the product of the second total MAC address and a second preset dynamic watermark percentage, and the second preset dynamic watermark value is less than the first preset dynamic watermark value;
    when it is determined that the number of MAC addresses in the first target virtual local area network is less than the MAC address average, setting the limit value of the number of MAC addresses in the first target virtual local area network to the MAC address average.
  5. The method according to claim 3, wherein:
    when it is determined that the first total MAC address reaches the second preset dynamic watermark value, the method further comprises:
    obtaining the number of MAC addresses in each of all the virtual local area networks;
    determining whether the number of MAC addresses in a second target virtual local area network among all the virtual local area networks is greater than or equal to a MAC address average, wherein the MAC address average is the quotient of the second total MAC address and the number of all the virtual local area networks;
    when it is determined that the number of MAC addresses in the second target virtual local area network is greater than or equal to the MAC address average, setting the limit value of the number of MAC addresses in the second target virtual local area network to the first preset dynamic watermark value;
    when it is determined that the number of MAC addresses in the second target virtual local area network is less than the MAC address average, setting the limit value of the number of MAC addresses in the second target virtual local area network to the second total MAC address.
  6. The method according to claim 5, wherein:
    after the limit value of the number of MAC addresses in the second target virtual local area network is set to the first preset dynamic watermark value, the method further comprises:
    determining the priority range in which the second target virtual local area network falls, wherein the priority range is used to indicate whether to continue learning MAC addresses in the second target virtual local area network.
  7. An apparatus for learning MAC addresses in a virtual local area network of a switch, comprising:
    a first determining module, configured to determine whether the number of MAC addresses learned in a virtual local area network reaches a limit condition, wherein the limit condition comprises one of the following: a preset threshold, a preset dynamic watermark value;
    a processing module, configured to, when it is determined that the number of MAC addresses learned in the virtual local area network reaches the limit condition, stop learning MAC addresses received after the limit condition is reached, and process, in a preset manner, packets of the MAC addresses received after the limit condition is reached, wherein the preset manner comprises one of the following: forwarding, discarding.
  8. The apparatus according to claim 7, wherein:
    if the limit condition is the preset dynamic watermark value, the first determining module comprises:
    a counting unit, configured to count the sum of the MAC addresses learned in all of the virtual local area networks of the switch to obtain a first total MAC address;
    a first determining unit, configured to determine whether the first total MAC address reaches a first preset dynamic watermark value, wherein the first preset dynamic watermark value is the product of a second total MAC address and a first preset dynamic watermark percentage, and the second total MAC address is the sum of the MAC addresses in all of the virtual local area networks,
    wherein, when it is determined that the first total MAC address reaches the first preset dynamic watermark value, it is determined that the number of MAC addresses learned in the virtual local area network reaches the limit condition.
  9. The apparatus according to claim 8, wherein:
    the first determining module further comprises:
    a second determining unit, configured to, when it is determined that the first total MAC address does not reach the first preset dynamic watermark value, determine whether the first total MAC address reaches a second preset dynamic watermark value, wherein the second preset dynamic watermark value is the product of the second total MAC address and a second preset dynamic watermark percentage, and the second preset dynamic watermark value is less than the first preset dynamic watermark value,
    wherein, when it is determined that the first total MAC address reaches the second preset dynamic watermark value, it is determined that the number of MAC addresses learned in the virtual local area network reaches the limit condition.
  10. The apparatus according to claim 8, further comprising:
    a first obtaining module, configured to, when it is determined that the first total MAC address reaches the first preset dynamic watermark value, obtain the number of MAC addresses in each of all the virtual local area networks;
    a second determining module, configured to determine whether the number of MAC addresses in a first target virtual local area network among all the virtual local area networks is greater than or equal to the first preset dynamic watermark value;
    a first setting module, configured to, when it is determined that the number of MAC addresses in the first target virtual local area network is greater than or equal to the first preset dynamic watermark value, set the limit value of the number of MAC addresses in the first target virtual local area network to the number of MAC addresses learned in the first target virtual local area network, and delete the MAC addresses that were learned in the first target virtual local area network but have not been used within a preset time period;
    a third determining module, configured to, when it is determined that the number of MAC addresses in the first target virtual local area network is less than the first preset dynamic watermark value, determine whether the number of MAC addresses in the first target virtual local area network is greater than or equal to a MAC address average, wherein the MAC address average is the quotient of the second total MAC address and the number of all the virtual local area networks;
    a second setting module, configured to, when it is determined that the number of MAC addresses in the first target virtual local area network is greater than or equal to the MAC address average, set the limit value of the number of MAC addresses in the first target virtual local area network to a second preset dynamic watermark value, and delete the MAC addresses that were learned in the first target virtual local area network but have not been used within the preset time period, wherein the second preset dynamic watermark value is the product of the second total MAC address and a second preset dynamic watermark percentage, and the second preset dynamic watermark value is less than the first preset dynamic watermark value;
    a third setting module, configured to, when it is determined that the number of MAC addresses in the first target virtual local area network is less than the MAC address average, set the limit value of the number of MAC addresses in the first target virtual local area network to the MAC address average.
  11. The apparatus according to claim 9, further comprising:
    a second obtaining module, configured to, when it is determined that the first total MAC address reaches the second preset dynamic watermark value, obtain the number of MAC addresses in each of all the virtual local area networks;
    a fourth determining module, configured to determine whether the number of MAC addresses in a second target virtual local area network among all the virtual local area networks is greater than or equal to a MAC address average, wherein the MAC address average is the quotient of the second total MAC address and the number of all the virtual local area networks;
    a fourth setting module, configured to, when it is determined that the number of MAC addresses in the second target virtual local area network is greater than or equal to the MAC address average, set the limit value of the number of MAC addresses in the second target virtual local area network to the first preset dynamic watermark value;
    a fifth setting module, configured to, when it is determined that the number of MAC addresses in the second target virtual local area network is less than the MAC address average, set the limit value of the number of MAC addresses in the second target virtual local area network to the second total MAC address.
  12. The apparatus according to claim 11, further comprising:
    a determining module, configured to, after the limit value of the number of MAC addresses in the second target virtual local area network is set to the first preset dynamic watermark value, determine the priority range in which the second target virtual local area network falls, wherein the priority range is used to indicate whether to continue learning MAC addresses in the second target virtual local area network.
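The two-level watermark check of claims 2 and 3, the per-VLAN limit assignment of claims 4 and 5, and the stop-learning decision of claim 1 can be traced in a short Python model, which is an added example and not code from the patent or its applicant. The names `Vlan`, `assign_limits`, `on_unknown_source`, the 80%/60% percentages and the sample counts are assumptions, and the "second total MAC address" is read here as the MAC table capacity shared by all VLANs.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Vlan:
    vid: int
    learned: int                 # MAC addresses currently learned in this VLAN
    limit: Optional[int] = None  # per-VLAN learning limit; None means not limited


def watermarks(capacity, pct_high, pct_low):
    """First and second preset dynamic watermark values (claims 2 and 3)."""
    if not 0 < pct_low < pct_high <= 100:
        raise ValueError("need 0 < pct_low < pct_high <= 100")
    return capacity * pct_high // 100, capacity * pct_low // 100


def assign_limits(vlans, capacity, pct_high, pct_low):
    """Set each VLAN's limit per claims 4 and 5.

    Returns (state, vids_to_age): state is "high", "low" or "below";
    vids_to_age lists VLANs whose unused entries should be deleted.
    `capacity` stands for the "second total MAC address" (assumption).
    """
    if not vlans:
        raise ValueError("at least one VLAN is required")
    high, low = watermarks(capacity, pct_high, pct_low)
    first_total = sum(v.learned for v in vlans)  # "first total MAC address"
    average = capacity // len(vlans)             # "MAC address average"
    to_age = []
    if first_total >= high:                      # claim 4
        state = "high"
        for v in vlans:
            if v.learned >= high:
                v.limit = v.learned              # freeze at the current count
                to_age.append(v.vid)
            elif v.learned >= average:
                v.limit = low
                to_age.append(v.vid)
            else:
                v.limit = average
    elif first_total >= low:                     # claims 3 and 5
        state = "low"
        for v in vlans:
            v.limit = high if v.learned >= average else capacity
    else:
        state = "below"                          # no limit condition reached
    return state, to_age


def on_unknown_source(vlan, preset_action):
    """Claim 1: once the limit is reached, stop learning and forward or discard."""
    if preset_action not in ("forward", "discard"):
        raise ValueError("preset_action must be 'forward' or 'discard'")
    if vlan.limit is not None and vlan.learned >= vlan.limit:
        return preset_action                     # address is not learned
    vlan.learned += 1
    return "learn"


def make_vlans(counts):
    """Constructed sample input: one Vlan per learned-address count."""
    return [Vlan(vid=i + 1, learned=c) for i, c in enumerate(counts)]


if __name__ == "__main__":
    # Constructed scenario: 10 VLANs share a 1000-entry table, VLAN 1 holds 800.
    vlans = make_vlans([800, 120, 30] + [0] * 7)
    print(assign_limits(vlans, 1000, 80, 60))
    print([(v.vid, v.limit) for v in vlans[:4]])
    print(on_unknown_source(vlans[0], "discard"))
```

With these constructed counts, the VLAN that holds most of the table is frozen at its current size and new source addresses on it are discarded, while lightly used VLANs keep room to learn up to the average.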
PCT/CN2016/087311 2015-06-30 2016-06-27 Method and apparatus for learning mac address in virtual local area network of switch WO2017000861A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP16817225.2A EP3319276A4 (en) 2015-06-30 2016-06-27 Method and apparatus for learning mac address in virtual local area network of switch

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510374361.7 2015-06-30
CN201510374361.7A CN106330652A (en) 2015-06-30 2015-06-30 Learning method and device of MAC address in virtual local area network of switch

Publications (1)

Publication Number Publication Date
WO2017000861A1 (en) 2017-01-05

Family

ID=57607670

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/087311 WO2017000861A1 (en) 2015-06-30 2016-06-27 Method and apparatus for learning mac address in virtual local area network of switch

Country Status (3)

Country Link
EP (1) EP3319276A4 (en)
CN (1) CN106330652A (en)
WO (1) WO2017000861A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483371B (en) * 2017-09-21 2019-11-05 迈普通信技术股份有限公司 A kind of MAC Address management method and business board
CN110365811B (en) * 2019-07-22 2022-03-01 杭州迪普科技股份有限公司 MAC address learning limiting method, device and equipment
CN112838993B (en) * 2019-11-22 2022-11-11 武汉神州数码云科网络技术有限公司 Method for realizing dynamic issuing of MAC VLAN
CN113542130B (en) * 2021-07-22 2023-07-14 新华三信息安全技术有限公司 Address table item processing method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488899A (en) * 2008-01-17 2009-07-22 中兴通讯股份有限公司 MAC address learning limitation method and apparatus used in 1:1 VLAN access network
CN102594704A (en) * 2012-03-20 2012-07-18 神州数码网络(北京)有限公司 Control method for address accessing network based on security port
US20130182722A1 (en) * 2010-11-01 2013-07-18 Deepak Mysore Vishveswaraiah Managing mac moves with secure port groups

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7139269B2 (en) * 2000-06-09 2006-11-21 Broadcom Corporation Cascading of gigabit switches
US7154899B2 (en) * 2002-02-01 2006-12-26 Corrigent Systems Ltd. Protecting the filtering database in virtual bridges
US7508757B2 (en) * 2004-10-15 2009-03-24 Alcatel Lucent Network with MAC table overflow protection
US8208407B2 (en) * 2008-08-15 2012-06-26 Cisco Technology, Inc. Optimized flush operation in response to topology changes for spanning tree protocols
CN102045262B (en) * 2011-01-14 2012-05-30 福建星网锐捷网络有限公司 Updating method, device and network equipment of media access control address table
CN102932501B (en) * 2012-11-08 2015-06-10 杭州迪普科技有限公司 Address pool resource protecting method and device thereof
CN103595638B (en) * 2013-11-04 2016-09-28 北京星网锐捷网络技术有限公司 A kind of MAC address learning method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488899A (en) * 2008-01-17 2009-07-22 中兴通讯股份有限公司 MAC address learning limitation method and apparatus used in 1:1 VLAN access network
US20130182722A1 (en) * 2010-11-01 2013-07-18 Deepak Mysore Vishveswaraiah Managing mac moves with secure port groups
CN102594704A (en) * 2012-03-20 2012-07-18 神州数码网络(北京)有限公司 Control method for address accessing network based on security port

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3319276A4 *

Also Published As

Publication number Publication date
EP3319276A1 (en) 2018-05-09
CN106330652A (en) 2017-01-11
EP3319276A4 (en) 2019-03-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16817225

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2016817225

Country of ref document: EP